Position: VAPT Engineer

Location: Mumbai

Responsibilities:

• Conduct comprehensive penetration testing of systems, applications, and infrastructure, following established testing methodologies and best practices.
• Perform black box, grey box, and white box web application penetration testing to identify vulnerabilities and potential security risks.
• Conduct mobile application penetration testing to assess the security posture of mobile applications.
• Perform API penetration testing to identify vulnerabilities and potential security risks associated with APIs.
• Conduct infrastructure penetration testing to assess the security of network devices, servers, databases, and other infrastructure components.
• Conduct secure code reviews to identify vulnerabilities and provide recommendations for improving code security.
• Perform configuration reviews of various systems, including Windows, Linux, UNIX, Solaris, and databases, to identify security misconfigurations.
• Demonstrate a good understanding of OWASP top ten vulnerabilities and apply appropriate testing methodologies to identify and exploit them.
• Stay updated with emerging threat patterns, compliance standards, and industry best practices related to penetration testing.
• Utilize penetration testing tools and software frameworks such as Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, and Fortify.
• Utilize scripting languages like Shell, Python, PERL, etc., for automating tasks and developing proof-of-concept exploits.
• Collaborate with project teams and clients to understand their security requirements and provide remediation support.
• Prepare comprehensive vulnerability assessment reports, including identified vulnerabilities, potential impact, and recommended remediation measures.
• Conduct report walkthrough discussions and presentations to clients, explaining identified vulnerabilities and their potential impact.
• Actively participate in the security community by attending technical sessions, participating in bug bounty programs, and sharing knowledge and insights.

Requirements:

• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• Minimum of 1-5 years of experience in penetration testing or a similar role.
• Strong understanding of penetration testing process, methodologies, and best practices.
• Knowledge of OWASP top ten vulnerabilities and the ability to apply appropriate testing techniques.
• Familiarity with emerging threat patterns and compliance standards in the cybersecurity field.
• Experience in black box, grey box, and white box web application penetration testing.
• Experience in mobile application and API penetration testing.
• Experience in infrastructure penetration testing, including network devices, servers, and databases.
• Knowledge of secure code review techniques and ability to identify vulnerabilities in code.
• Strong knowledge of TCP/IP, networks, firewalls, IDS/IPS, routers, switches, and network architecture.
• Experience with vulnerability assessment and penetration testing tools such as Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, and Fortify.
• Proficiency in scripting languages like Shell, Python, PERL, etc., for automating tasks and developing proof-of-concept exploits.
• Preferred certifications: OSCP, CEH, GWAPT.
• Excellent communication skills with the ability to present findings, discuss reports, and provide remediation support to clients.
• Active participation in the security community, including technical sessions and bug bounty programs, is a plus.

Application Process: To apply for this position, please email your updated resume and a cover letter to shwedas@deloitte.com and mthakkar.ext@deloitte.com. In your cover letter, please highlight your relevant experience and qualifications in penetration testing. Only shortlisted candidates will be contacted for further evaluation.

Note: The job description provided above is a general overview and may include additional responsibilities that are not mentioned. The responsibilities and requirements of the role may be subject to change based on the needs of the company.